asa 5505 dual isp loadbalancing with router

kunalmausam83 · ‎10-17-2013

Hello,

My current network is like, have 2 ISP that is directly terminated on asa 5505 , on that Site-to-Site VPN is already working with vpn failover with both isp through sla monitoring.

My requirement is loadbalace with both ISP traffic should pass 50-50, we have one free 1941 router, which we want to connect for loadbalancing, please help to redesign the network and what configuration have to do on router and firewall.

Note: Site-to-site VPN should not affect.

200.10.10.5 202.20.20.10

ISP1 ISP2

|

|.

ASA 5505

|

Switch 3560

Julio Carvajal · ‎10-17-2013

Hello,

As you might already know load-balancing or PBR is not supported on the ASA so my recommendation would be to set that 1941 on the outside interface of the router and perform the PBR and load-balancing there.

With that you will be able to route traffic as you wish,

Regards,

Jcarvaja

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

narawat · ‎10-17-2013

Hi,

Please verify if the following fits into your requisite :

https://supportforums.cisco.com/docs/DOC-15622

Else PBR as such is not supported on ASA; and you would need a Router as mentioned by Julio

Cheers,

Naveen

kunalmausam83 · ‎10-17-2013

Hi Naveen,

Thanks, What ip address have to assign between router to ASA , what will be the VPN gateway IP , this is working in VPN failover, will this affect our VPN, please share the command to configure this will great help to do.

Thanks

Kunal

kunalmausam83 · ‎10-17-2013

Hi All,

Thanks, will this affect our execing VPN which is configured in ASA how ASA will know link is failed and switch over the link, as know ROUTER will decide to switchover the link , please help to configured.

Thanks

Kunal